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Claims 1 to 19 were pending in the application at the time 
of examination. Claims 1 to 19 stand rejected as anticipated. 

Applicants note that the assignee for the above 
application has transferred responsibility for the application 
to the undersigned attorney. Please address all future 
correspondence in the above application to the undersigned 
attorney. A revocation of attorney and appointment of new 
attorney has been filed and entered by the USPTO. 

Applicants have amended the description to correct 
grammatical errors . 

Applicants note that no § 112 rejections have been 
presented in the office action. Accordingly, in the view of 
the Examiner, the claims complied with all § 112 requirements. 
As described more completely below, some of the claims are 
amended to address informalities. Since only informalities are 
being corrected, the amendments do not affect the patentability 
of the claims. 

Claims 1, 4, and 7 and Claims 2, 5, and 8 are amended to 
correct an antecedent basis informality with respect to the 
user . 

Claims 3, 6, and 9 are amended to correct an antecedent 
basis informality with respect to the service portal and to 
cast the claims as a complete sentence by adding "and" after 
the next to last element. Claim 9 is also amended so that each 
element recites "means for." 

Claims 11, 14 and 17 are cancelled without prejudice to 
filing a continuation application. 

Claim 16 is amended so that each element recites "means 

for . " 

Claims 1 to 18 stand rejected under 35 U.S. C. § 102(b) as 
being anticipated by V. Samar, "Single Sign-On Using Cookies 
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for Web Applications, " hereinafter referred to as Samar. With 
respect to Claims 1, 4 and 7, the rejection stated, in part: 

. . . Samar discloses a method, program and apparatus for 
managing identification in a data communications network 
comprising a user- controlled secure storage device, 
authority network site, providing information requests, 
storing the data, enabling the service provider network 
site to obtain a service. (See page 162, Section 8) 

Applicants respectfully traverse the anticipation 
rejection of each of Claims 1, 4 and 7. Applicants 
respectfully note that it is not sufficient that Samar teach 
some authority network site, providing information requests, 
storing, etc. Rather, the MPEP requires: 

"A Claim is anticipated only if each and every 
element as set forth in the Claim is found, either 
expressly or inherently described, in a single prior art 

reference." "The identical invention must be 

shown in as complete detail as is contained in the . . . 
claim. " 



MPEP §2131, 8th Ed., Rev. 2, p. 2100-73, (May 2004). 



The rejection itself demonstrates that Samar fails to show 
"The identical invention . . . in as complete detail as is 
contained in the ... claim." Claim 1 does not recite the 
rejected "enabling the service provider network site to obtain 
a service," but rather, 

enabling said user-controlled secure storage device 
to release said user data 



The rejection has not even alleged that Samar teaches this 
element, let alone in as complete detail as is contained in the 
claim. This alone is sufficient to overcome the anticipation 
! rejection of each of Claims 1, 4 and 7. 
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In addition, the rejection has not identified what in 
Samar is considered to be "a user-controlled secure storage 
device, " as recited in each of Claims 1, 4, and 7. Assuming 
that the rejection is referring to the SSO cookie, the SSO 
cookie is not user controlled. The rejection has failed to 
cite any teaching in Samar that even suggests that a user is 
aware of the cookie, let alone controlling the cookie. In 
particular, Samar taught that servers controlled the cookie and 
the information placed in the cookie so Samar not only fails to 
teach Applicants' invention as recited in these claims, but 
also teaches away from Applicants' Claim 1. Applicants 
respectfully request reconsideration and withdrawal of the 
anticipation rejection of Claim 1. 

Claim 4 is a program storage device corresponding to 
method Claim 1 and thus includes substantially the same 
distinctive feature as Claim 1. Claim 7 is a means-plus- 
function Claim corresponding to method Claim 1 and thus 
includes substantially the same distinctive feature as Claim 1. 
Accordingly, the above comments with respect to Claim 1 are 
incorporated herein by reference for Claims 4 and 7 . 
Applicants request reconsideration and withdrawal of the 
obviousness rejection of each of Claims 4 and 7. 

With respect to Claims 2, 5 and 8, the rejection stated, 
in part : 

. . . Samar discloses a method, program and apparatus for 
managing identification in a data communications network 
comprising a user-controlled secure storage device, 
authority network site, providing information requested, 
receiving the data in two portions, storing the data, 
enabling the service provider network site to obtain a 
service. (See pages 162-163, Section 8 and 9) 
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Applicants respectfully traverse the anticipation rejection of 
Claim 2. Again, based upon the above quotation from the MPEP, 
Applicants respectfully note that it is not sufficient that 
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Samar teach some authority network site, providing information 
requests, storing, etc. 

Again, the rejection itself demonstrates that Samar fails 
to show "The identical invention . . . in as complete detail as 
is contained in the ... claim." Claim 2 does not recite the 
rejected "enabling the service provider network site to obtain 
a service," but rather, 

enabling said user-controlled secure storage device 
to release said user data 



The rejection has not even alleged that Samar teaches this 
element, let alone in as complete detail as is contained in the 
claim. This alone is sufficient to overcome the anticipation 
rejection of Claim 2. 

Further, Claim 2 does not recite the rejected "receiving 
the data in two portions," but rather, 

receiving user data in response to said enrolling, 
said user data comprising a first portion and a second 
portion, said first portion comprising a cryptogram 
computed based on said second portion 
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Thus, the user data is received "in response to said 
enrolling, " and Claim 2 specifically defines the first portion 
of the user data. The rejection of Claim 2 does not even 
allege that Samar teaches the invention in this level of 
detail, but rather simply "receiving data in two portions." 
This level of analysis reduces the explicit Claim language to a 
gist which is not appropriate for an obviousness rejection, let 
alone an anticipation rejection. Applicants respectfully 
request reconsideration and withdrawal of the anticipation 
rejection of Claim 2. 

Claim 5 is a program storage device corresponding to 
method Claim 2 and thus includes substantially the same 
distinctive feature as Claim 2. Claim 8 is a means-plus- 
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function Claim corresponding to method Claim 2 and thus 
includes substantially the same distinctive feature as Claim 2. 
Accordingly, the above comments with respect to Claim 2 are 
incorporated herein by reference for Claims 5 and 8. 
Applicants request reconsideration and withdrawal of the 
obviousness rejection of each of Claims 5 and 8, 

With respect to Claims 3, 6 and 9, the rejection stated, 
in part : 

. . . Samar discloses a method, program and apparatus for 
managing identification in a data communications network 
presenting an identity credential request and data to be 
stored to a federated identity server via a client host, 
receiving an identity credential in response to randomized 
ID and receiving a logon credential in response to the 
service request (See page 161, Section 6.3.2, and page 
162, Section 7) 

Applicants respectfully traverse the anticipation rejection of 
Claim 3. Again, based upon the above quotation from the MPEP, 
Applicants respectfully note that the rejection fails to 
consider explicit Claim limitations and so fails to meet the 
criterion required for by the MPEP for an anticipation 
rejection. 

Again, the rejection itself demonstrates that Samar fails 
to show "The identical invention . . . in as complete detail as 
is contained in the ... claim." Claim 3 does not recite the 
rejected "receiving an identity credential in response to 
randomized ID" but rather, 

receiving an identity credential in response to said 
identity credential request, said identity credential 
comprising a randomized ID and an identification authority 
ID, said federated identity server capable of verifying 
the truthfulness, accuracy and completeness of said data 
to be stored 
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The rejection has not even alleged that Samar teaches this 
element but rather a totally different operation. This alone 
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is sufficient to overcome the anticipation rejection of 
Claim 3. 

Further, the cited sections of Samar do not include the 
word "randomized" and do not include any description of 
"verifying the truthfulness, accuracy and completeness of said 
data to be stored." Thus, Samar fails to satisfy the 
requirements of the MPEP. 

Finally, the rejection is incomplete, the rejection does 
not even allege that Samar teaches: 

presenting a service request and said identity 
credential to a service portal, said service portal 
configured to issue an authentication request to said 
federated identity server 

Thus, the anticipation rejection of Claim 3 is defective 
for multiple reasons. Applicants respectfully request 
reconsideration and withdrawal of the anticipation rejection of 
Claim 3 . 

Claim 6 is a program storage device corresponding to 
method Claim 3 and thus includes substantially the same 
distinctive feature as Claim 3. Claim 9 is a means-plus- 
function Claim corresponding to method Claim 3 and thus 
includes substantially the same distinctive feature as Claim 3 . 
Accordingly, the above comments with respect to Claim 3 are 
incorporated herein by reference for Claims 6 and 9. 
Applicants request reconsideration and withdrawal of the 
obviousness rejection of each of Claims 6 and 9. 

With respect to Claims 10, 13 and 16, the rejection 
stated, in part : 
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. . . Samar discloses a method for protecting privacy on a 
data communications network, receiving a user identifier 
and specific user data associated with the user 
identifier, the specific user data comprising data about a 
network user, creating user data based on specific user 
data, and returning the user identifier and the 
generalized user data. (See page 160, Section 6) 
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Applicants respectfully traverse the anticipation rejection of 
Claim 10. Again, based upon the above quotation from the MPEP, 
Applicants respectfully note that paraphrasing Applicants' 
Claim 10 and citing generally to a portion of Samar that 
extends over more than four columns fails to meet the 
requirements of the MPEP as quoted above. It is impossible 
from this rejection to determine what is considered in Samar to 
teach exactly the method of Claim 10. 

In the various transfers illustrated in Fig. 1 in 
Section 6 of Samar, each transfer shows one set of information 
being transmitted and a different set of information being 
returned. In contrast, Claim 10 recites: 

receiving a user identifier and specific user 
data . . . . ; and 

returning said user identifier and said generalized 
user data. (Emphasis Added) 
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The rejection has failed to identify any user identifier 
in Samar that is received and then returned as recited in 
Claim 10. As noted above, Fig. 1 of Samar does not show such 
an identifier. Therefore, the rejection fails to meet the 
requirements of the MPEP as quoted above. Applicants 
respectfully request reconsideration and withdrawal of the 
anticipation rejection of Claim 10. 

Claim 13 is a program storage device corresponding to 
method Claim 10 and thus includes substantially the same 
distinctive feature as Claim 10. Claim 16 is a means-plus- 
function Claim corresponding to method Claim 10 and thus 
includes substantially the same distinctive feature as 
Claim 10. Accordingly, the above comments with respect to 
Claim 10 are incorporated herein by reference for Claims 13 and 
16. Applicants request reconsideration and withdrawal of the 
obviousness rejection of each of Claims 13 and 16. 



Page 19 of 22 



Appl. No. 10/040,293 

Amdt. dated July 28, 2005 

Reply to Office Action of March 29, 2005 



With respect to Claims 12, 15, and 18, the rejection 
stated, in part : 

. . . Samar discloses a method for protecting privacy on a 
data communications network, storing user logon 
information for at least one service provider on a user- 
controlled secure device, the least one service provider 
server comprising at least one network server providing a 
service to a user, and logging on the device, and logging 
on providing access to the least one service provider 
server.. (See page 161, Sections 6.1.3 and 6.3) 

Applicants respectfully traverse the anticipation rejection of 
Claim 12. Again, based upon the above quotation from the MPEP, 
Applicants respectfully note that paraphrasing Applicants' 
Claim 12 and citing generally two different things- - "The 
Brownie Structure" and "Security Analysis" - -fails to meet the 
requirements of the MPEP as quoted above. It is impossible 
from this rejection to determine what is considered in Samar to 
teach exactly the method of Claim 12 . 

In addition, the rejection has not identified what in 
Samar is considered to be "a user-controlled secure storage 
device." It cannot be associated with the brownie structure of 
Samar, because Samar stated "Note that brownies are never 
returned back to the browser." (Emphasis in original.) Since 
the browser is on the only user controlled device, Samar taught 
away from 

storing user logon information for at least one 
service provider server on a user-controlled secure device 
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as recited in Claim 12 because the brownie is not stored on 
such a device according to Samar. Similarly, the description 
in Section 6.3 of "the conditions under which the cookie can be 
attacked" is unrelated to this Claim element. Finally, neither 
the brownie nor the security analysis of Samar teaches 
anything concerning logging on to the user controlled secure 
device. Accordingly, the cited portions of Samar fail to 
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satisfy the criterion from the MPEP as quoted above with 
respect to Claim 12. Applicants respectfully request 
reconsideration and withdrawal of the anticipation rejection of 
Claim 12. 

Claim 15 is a program storage device corresponding to 
method Claim 12 and thus includes substantially the same 
distinctive feature as Claim 12. Claim 18 is a means-plus- 
function Claim corresponding to method Claim 12 and thus 
includes substantially the same distinctive feature as 
Claim 12. Accordingly, the above comments with respect to 
Claim 12 are incorporated herein by reference for Claims 15 and 
18. Applicants request reconsideration and withdrawal of the 
obviousness rejection of each of Claims 15 and 18. 

Claim 19 is rejected under 35 U.S.C. 102(b) as being 
anticipated by Ming-Chuan Wu et al . , "Encoded Bitmap Indexing 
for Data Warehouses, " hereinafter referred to as Wu. The 
rejection stated in part: 

. . . a data structure stored in the memory, the data 
structure including a bit -mapped in the field determined 
by whether the user is a member of a group associated with 
the bit, the mapping for between bits in the field and 
membership in a group maintained by an aggregation 
authority. (See Abstract, page 22 0, and Section 2.1) 
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Applicants respectfully traverse the anticipation 
rejection of Claim 19. Again, based upon the above quotation 
from the MPEP, the requirement for a reference is not that the 
reference teach some general abstract concept related to the 
invention, but rather the reference must show "The identical 
invention in as complete detail as is contained in the . . . 
claim. " 

Wu describes generally the concept of using "simple bitmap 
indexing and the application domain for which it is ideally 
suited." The application domain is defined by abstract 
mathematical concepts and is not related by Wu to "membership 
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in a group." Further, the rejection cited no teaching of "the 
mapping for between bits in said field and membership in a 
group maintained by an aggregation authority, " but simply 
paraphrased the claim language. Accordingly, the rejection 
failed to meet the criteria required by the MPEP for an 
anticipation rejection. Applicants request reconsideration and 
withdrawal of the anticipation rejection of Claim 19. 

Claims 1 to 10, 12, 13, 15, 16, 18 and 19 remain in the 
application. Claims 1 to 9 and 16 are amended. Claims 11, 14 
and 17 are cancelled. For the foregoing reasons, Applicant (s) 
respectfully request allowance of all pending claims. If the 
Examiner has any questions relating to the above, the Examiner 
is respectfully requested to telephone the undersigned Attorney 



for Applicant (s) . 
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